堆栈内存溢出
  简体   繁体   English

如何通过 CloudFormation 添加 AWS 托管策略

[英]How to add AWS managed policy through CloudFormation

 原文  2022-03-29 10:31:15       amazon-web-services/ amazon-cloudformation/ amazon-iam

问题描述

I want to add AWS managed policy (AmazonSSMFullAccess) to a role using CloudFormation.我想使用 CloudFormation 将 AWS 托管策略 (AmazonSSMFullAccess) 添加到角色。 I tried to use AWS::IAM::ManagedPolicy but it creates a Customer Managed policy and I don't want that.我尝试使用AWS::IAM::ManagedPolicy ,但它创建了一个客户管理的策略,我不希望这样。 I want it to be AWS managed.我希望它由 AWS 托管。 Do you have any idea how can I do that?你知道我该怎么做吗?

I am trying to add AWS managed AmazonSSMFullAccess and here is the code I am using in mu CF template:我正在尝试添加 AWS 托管的 AmazonSSMFullAccess,这是我在 mu CF 模板中使用的代码:

AmazonSSMFullAccess:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - 'cloudwatch:PutMetricData'
              - 'ds:CreateComputer'
              - 'ds:DescribeDirectories'
              - 'ec2:DescribeInstanceStatus'
              - 'logs:*'
              - 'ssm:*'
              - 'ec2messages:*'
            Resource: '*'
          - Effect: Allow
            Action: 'iam:CreateServiceLinkedRole'
            Resource: >-
              arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*
            Condition:
              StringLike:
                'iam:AWSServiceName': ssm.amazonaws.com
          - Effect: Allow
            Action:
              - 'iam:DeleteServiceLinkedRole'
              - 'iam:GetServiceLinkedRoleDeletionStatus'
            Resource: >-
              arn:aws:iam::*:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM*
          - Effect: Allow
            Action:
              - 'ssmmessages:CreateControlChannel'
              - 'ssmmessages:CreateDataChannel'
              - 'ssmmessages:OpenControlChannel'
              - 'ssmmessages:OpenDataChannel'
            Resource: '*'

第一行是我从 CF 获得的政策,第二行是我需要的政策

1 个解决方案

解决方案1
 -1 已采纳  2022-03-29 21:41:22

You can't create AWS managed policies , because only AWS can do it.无法创建 AWS 托管策略,因为只有 AWS 可以做到。 You, as an AWS customer can only create customer managed policies.作为 AWS 客户,您只能创建客户托管策略。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 AWS 托管政策与政策 - AWS Managed Policy Vs Policy AWS SNS 主题策略 Cloudformation - AWS SNS Topic Policy Cloudformation 如何在 AWS CDK 中使用 CloudFrontWebDistribution 启用 SecurityHeaders 的托管响应 header 策略? - How to enable managed response header policy of SecurityHeaders with CloudFrontWebDistribution in AWS CDK? 使用 cdk 添加托管策略 aws - Adding managed policy aws with cdk 使用 CDK 为 AWS Lambda 提供 AWS 托管策略 - Give AWS Lambda an AWS Managed Policy with CDK 如何通过 cloudformation 删除包含图像的 aws ECR 存储库? - How to delete aws ECR repository which contain images through cloudformation? AWS CloudFormation:如何在 AWS::IAM::Policy 中引用另一个堆栈中定义的角色 - AWS CloudFormation: How to refer a role defined in another stack inside AWS::IAM::Policy AWS IoT:通过 CloudFormation 进行队列索引设置 - AWS IoT : Fleet indexing settings through CloudFormation 在 CloudFormation 模板中为 API 添加资源策略? - Add resource policy for API in CloudFormation template? 如何通过 cloudformation 模板向 Kinesis Firehose Delivery stream 添加标签? - How to add tag to a Kinesis Firehose Delivery stream through cloudformation template?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM